PE-sieve
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
pesieve::ProcessFeatureScanner Class Reference (abstract)

A base class for all the scanners checking appropriate process' features.

#include <process_feature_scanner.h>

[Inheritance diagram for pesieve::ProcessFeatureScanner]

Public Member Functions

 ProcessFeatureScanner (HANDLE _processHandle)
 
virtual ~ProcessFeatureScanner ()
 
virtual ModuleScanReport * scanRemote ()=0
 

Protected Attributes

HANDLE processHandle
 

Detailed Description

A base class for all the scanners checking appropriate process' features.

Definition at line 12 of file process_feature_scanner.h.

Constructor & Destructor Documentation

◆ ProcessFeatureScanner()

pesieve::ProcessFeatureScanner::ProcessFeatureScanner ( HANDLE _processHandle)
inline

Definition at line 15 of file process_feature_scanner.h.

◆ ~ProcessFeatureScanner()

virtual pesieve::ProcessFeatureScanner::~ProcessFeatureScanner ( )
inline virtual

Definition at line 20 of file process_feature_scanner.h.

Member Function Documentation

◆ scanRemote()

virtual ModuleScanReport * pesieve::ProcessFeatureScanner::scanRemote ( )
pure virtual

Perform the scan on the remote process.

Returns
a pointer to an object of the class inherited from ModuleScanReport

Implemented in pesieve::ArtefactScanner, pesieve::CodeScanner, pesieve::HeadersScanner, pesieve::IATScanner, pesieve::MappingScanner, pesieve::ThreadScanner, pesieve::WorkingSetScanner, and pesieve::ModuleScanner.

Member Data Documentation

◆ processHandle

HANDLE pesieve::ProcessFeatureScanner::processHandle
protected

Definition at line 29 of file process_feature_scanner.h.


The documentation for this class was generated from the following file: